rm region tags

2026-01-31 07:12:57 +01:00 · 2021-09-24 17:08:52 -03:00
parent a9a36ace3b
commit ba552251e9
2 changed files with 0 additions and 18 deletions
--- a/ql/src/experimental/CWE-918/SSRF.qll
+++ b/ql/src/experimental/CWE-918/SSRF.qll
@@ -16,7 +16,6 @@ module ServerSideRequestForgery {
  import semmle.go.dataflow.barrierguardutil.RegexpCheck
  import semmle.go.dataflow.Properties

-  //#region config
  /**
   * A taint-tracking configuration for reasoning about request forgery.
   */
@@ -49,8 +48,6 @@ module ServerSideRequestForgery {
    }
  }

-  //#endregion
-  //#region abstract classes
  /** A data flow source for request forgery vulnerabilities. */
  abstract class Source extends DataFlow::Node { }

@@ -77,15 +74,11 @@ module ServerSideRequestForgery {
   */
  abstract class SanitizerGuard extends DataFlow::BarrierGuard { }

-  //#endregion
-  //#region source
  /**
   * An user controlled input, considered as a flow source for request forgery.
   */
  class UntrustedFlowAsSource extends Source, UntrustedFlowSource { }

-  //#endregion
-  //#region sink
  /**
   * The URL of an HTTP request, viewed as a sink for request forgery.
   */
@@ -112,8 +105,6 @@ module ServerSideRequestForgery {
    override string getKind() { result = "WebSocket URL" }
  }

-  //#endregion
-  //#region sanitizers
  /**
   * Result value of prepending a string that prevents any value from controlling the
   * host of a URL.
@@ -168,5 +159,4 @@ module ServerSideRequestForgery {
   * of the error binding exists, and the tag to check is one of "alpha", "alphanum", "alphaunicode", "alphanumunicode", "number", "numeric".
   */
  class ValidatorAsSanitizer extends SanitizerGuard, ValidatorVarCheck { }
-  //#endregion
 }
--- a/ql/test/experimental/CWE-918/builtin.go
+++ b/ql/test/experimental/CWE-918/builtin.go
@@ -46,9 +46,6 @@ func handler1(w http.ResponseWriter, req *http.Request) {

 func test() {

-	// #region x net
-
-	// x net websocket Dial good
 	http.HandleFunc("/ex0", func(w http.ResponseWriter, r *http.Request) {
 		untrustedInput := r.Referer()

@@ -109,10 +106,6 @@ func test() {
 		fmt.Printf("Received: %s.\n", msg[:n])
 	})

-	// #endregion
-
-	// #region gorilla
-
 	// gorilla websocket Dialer.Dial bad
 	http.HandleFunc("/ex6", func(w http.ResponseWriter, r *http.Request) {
 		untrustedInput := r.Referer()
@@ -148,7 +141,6 @@ func test() {
 			dialer.DialContext(context.TODO(), untrustedInput, r.Header) //OK
 		}
 	})
-	// #endregion

 	log.Println(http.ListenAndServe(":80", nil))